ABSTRACT
Combining data and code from third-party sources has enabled a new wave of web mashups that add creativity and functionality to web applications. However, browsers are poorly designed to pass data between domains, often forcing web developers to abandon security in the name of functionality. To address this deficiency, we developed Subspace, a cross-domain communication mechanism that allows efficient communication across domains without sacrificing security. Our prototype requires only a small JavaScript library, and works across all major browsers. We believe Subspace can serve as a new secure communication primitive for web mashups.
Index Terms
- Subspace: secure cross-domain communication for web mashups